Posts Tagged ‘Secure Web Hosting’
by FireHost Evangelist on November 25th, 2009
You’ve just plopped down in your favorite chair after a big Turkey Day meal. Your first “real break” in months. Your only intention today is to relax because you know the next five weeks (from CyberMonday through New Years) will be non-stop, chaotic “fun” for your new business online.
Just as your head tips back and your mind wanders off to dream about the great momentum strong holiday sales will provide for your new enterprise, the phone rings. It’s your Web site developer. The news is not good. Somehow, someone has compromised your site’s customer database and taken critical customer data, like credit card information.
What you do in the next 48 hours will be critical to getting your business back online, on track, and on safe ground. Two things to remember: Transparency and Communication. It’s not just about restoring your Web site to a secure state but restoring your customer’s confidence to continue to shop with you.
Step 1: Announce and Assess (Timeframe: Immediately – 12 hours after the breach is discovered)
Immediately, get your site offline. Google has some specific recommendations regarding the best way to accomplish this.
Customers appreciate being notified as soon as possible, and they would rather hear it from you first. Plus, being the first to report the cyber crime lets you control the message. Concurrently, make a general public statement about what has happened and instruct all individuals (or companies) who have done business with your company to monitor their credit report and banking statements for inconsistencies.
Deliver the statement to all concerned parties via email and make sure to train all customer-facing representatives with the appropriate dialogue. Here’s a concise and effective example from Balmar Incorporated.
Step 2: Conduct a Deeper Investigation (Timeframe: 12 hours – 36 hours+)
Computer forensic auditors, PCI representatives, governmental agencies, and others may be involved in the process depending on the nature of your business.
Start by interviewing all personnel responsible for securing your environment and find out if they are aware of any known vulnerabilities. Next, begin reviewing log files with the following specific goals in mind: Identifying the date(s) of the breach, how many customers were compromised, and what information was stolen.
(more…)
Tags: eCommerce Cybercrime Holiday 2009, Online Shopping Safety 2009, Secure Web Hosting
Posted in: Security | No Comments »
by FireHost Evangelist on November 19th, 2009
As consumers proceed full force into the online shopping season, it’s important to remember that good-hearted, upstanding citizens won’t be the only ones filling their shopping cart. As cybercriminals prepare to trade massive scores of PII (personally identifiable information) for cash in the “Underground Economy”, it’s important you recognize the risks and take steps necessary to protect your identity.
Symantec’s report on cybercrime reveals the volume and lucrativeness of identity theft.
- Credit cards, the hottest commodity, account for nearly 33% of all illegal transactions and produce approximately $5.3 billion in revenue each year. Credit card numbers fetch between $0.10 to $25 per card, so compromising as many accounts as possible motivates thieves in this category.
- Stolen financial accounts, the next most lucrative target, produce approximately $1.7 billion in revenue (20% of the total volume). Historically, stolen bank accounts have carried an average balance of $40,000 and sold for $10 and $1,000 each.
Crafty, sneaky, and increasingly sophisticated hacker techniques make it difficult to detect schemes, but (re)educating yourself on the risks and acting on protective measures will help prevent identity theft from ruining your holiday season.
#1 Check Statements Daily and Monitor Credit – Review transactions flowing thru your bank and credit card accounts daily. Detecting and reporting fraud or identify theft fast will “stop the bleeding” and increase the chances for a complete financial recovery. Federal law provides consumers one free copy of their credit report (from each of the reporting bureaus) every year. Toward the end of the middle or end of the holiday shopping season may be a strategic time to exercise your right. Contact Experian, TransUnion, and Equifax annually.
#2 Implement Password Confidentiality and Strength – Stolen passwords contribute a great deal to identity theft and security breaches taking place online. Password security seems so simple and obvious, but the recent incident with Hotmail shows that consumers are not following basic guidelines for safety and much work and education remains to be done. So, here are the top password guidelines (AGAIN!)
- Don’t share your password with anyone.
- Change passwords often.
- Set a different, strong password for every website you visit. For example, Twitter should not have the same PW as your bank account or email, etc.
- Strong passwords include 8 characters and a mix of symbols, numbers and letters.
- Finally, a service like One Password can help make the task of implementing good password safety more manageable.
(more…)
Tags: eCommerce Cybercrime Holiday 2009, Online Shopping Safety 2009, Secure Web Hosting
Posted in: Security | No Comments »
by FireHost Evangelist on November 14th, 2009
Less than 20 days until CyberMonday. Your warehouse is full. Your shipper is standing by. But have you considered what will happen at your website after a flood of qualified buyers click on the irresistible and precisely worded ad for your product or service? Now (not then) is the time to find out if your website can take the heat that CyberMonday will dish out.
The Yahoo! Network Insights team reveals that eCommerce retailers see a 73% increase in online conversions on the Monday following Thanksgiving (compared to the average shopping day in November). This means when consumers open their wallet on 11/30, they will be ready to buy.
You’ve got one shot, one day to win their holiday business, and you need to be totally sure your customers’ data is completely secure, as hackers are just waiting to steal all of those juicy credit card numbers from the thousands of people coming to your site that day.
So how can you improve user experience and conversion for your eCommerce Web site on high traffic days like CyberMonday while ensuring their security? Creative elements aside, there a many technical intricacies that help make your Web site stand out online and stay secure.
Load times, load times, load times. When your Web server is underpowered, pages load slowly and can even fail making it appear that your Web site is down. If your Web site appears to be on the fritz, consumers a) won’t have the patience to wait on you to get it figured out or b) will lose faith in your ability to process orders successfully.
A Web site on the fritz raises questions in consumers minds and decreases the likelihood that they’ll hand over their hard earned money. Was my order received? Is this Web site capable of protecting my PII (personally identifiable information)? Could someone steal my credit card number? And you know what? These are totally legitimate fears. Hacker activity in the last year has increased drastically, and your buyers know it.
Nestling your precious eCommerce Web site in a reliable, High Availability hosting environment and deploying a content delivery network capable of quickly serving up all your high-quality product shots, video customer testimonials, and other heavy media files can help prevent the situation from ever becoming a concern.
(more…)
Tags: eCommerce Cybercrime Holiday 2009, Online Shopping Safety 2009, Secure Web Hosting
Posted in: Web Hosting | No Comments »
by FireHost Evangelist on November 9th, 2009
Tis the season for shopping, travel, food, and family. Unlike holiday seasons of past, planning and performing these activities will involve the web. Booking travel online. Searching for great buys, and purchasing gifts for your family, friends, and clients. Discovering the best recipes and party ideas to ensure your holiday gathering is memorable. When you sit back to think about it, eCommerce is infiltrating our shopping lives, and for good reason.
- eCommerce websites never close.
- You can easily compare prices from multiple sellers.
- No lines, crowded parking lots, or germs (H1N1).
All these benefits mean more and more people (of all ages and economic conditions) will be shopping online during the holidays in 2009 – enough to generate an estimated $156 Billion in sales. (Online shopping represents 36% of sales expected from all channels this winter according to the National Retail Federation.)
That’s music to the ears of cyberthieves. Like retailers, hackers are going into their busy season. The influx of shoppers using eCommerce websites over the next several weeks means that there are more cyber crime victims upon whom to prey.
Even if cybercriminals can only maintain conversion rates for malware (Trojans, rootkits, spyware, zero-day exploits, keyloggers, and viruses) and phishing attempts (spam), the voluminous spike in traffic means they will increase their earnings. Cyber thieves know that unpredictable traffic patterns and spikes can make it difficult to detect a security breach meaning hacks carried out during the holidays may go overlooked for a longer period of time.
So that’s that backdrop in front of which a secure web hosting provider views holiday 2009, and we’re up for the challenge.
(more…)
Tags: eCommerce Cybercrime Holiday 2009, Online Shopping Safety 2009, Secure Web Hosting
Posted in: Security | No Comments »
by FireHost Evangelist on November 5th, 2009
The FBI released a statement this week warning small and medium businesses about a significant increase in fraud involving valid online banking credentials.
“Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts. In a typical scenario, the targeted entity receives a “spear phishing” e-mail which either contains an infected attachment, or directs the recipient to an infected website. Once the recipient opens the attachment or visits the website, malware is installed on their computer. The malware contains a key logger which will harvest each recipient’s business or corporate bank account login information.”
The victims in this particular type of scheme are being referred to as “Money Mules” because they simply serve as a conduit between the SMB’s business bank account and the hacker’s bank account. In most cases, the funds disappear to a foreign bank account too quickly for the cyber theft trail to be detected.
It makes sense that small and medium businesses are targeted most often; hackers score more dollars per incident from business banking accounts than consumers. As a result of the heightened risk associated with the Money Mule scheme, the FBI encourages all business banking customers that use online banking to contact their financial institution and inquire about the security measures in place to help prevent Money Mule attacks.
(more…)
Tags: ach fraud, banking cybercrime, money mules, Secure Web Hosting
Posted in: Security | No Comments »
by FireHost Evangelist on October 30th, 2009
McAfee’s study, “The Security Paradox” examines how small and medium organizations that employ between 51-1,000 workers address IT security and growing cyber threats.
An overarching theme of the report reveals that SMBs around the world (and particularly in North America) believe they are too small and pose too little value to hackers to be worth their time, but recent trends in hacker and cybercrime activity reveal that’s just not the case.
In reality, SMBs’ limited resources, inadequate security, and lack of technical expertise make them more vulnerable to cyber attack, and hackers are taking notice.
Jeff Green, Senior VP of McAfee Avert Labs confirmed, “High profile attacks [on larger enterprises] are becoming less frequent because they are often detected quickly. Attackers are favoring stealth attacks that quietly infiltrate systems [of small and medium businesses].”
To change this trend, small and medium-sized organizations will need to make significant shifts in their fundamental values and budgetary allocations.
(more…)
Tags: cybercrime, Hackers, Secure Web Hosting, SMB security
Posted in: Security | No Comments »
by FireHost Evangelist on October 21st, 2009
The WordPress Development team has been working feverishly to launch the next big release (2.9) by the end of October. However, security vulnerabilities pose such a threat to their HUGE user-base, they back-ported some of the 2.9 security patches into a version released yesterday – 2.8.5.
WordPress version 2.8.5 addresses the following security vulnerabilities:
- Fixes the Trackback Denial-of-Service (DOS) attack vulnerability
- Removes code areas where php code in variables are evaluated
- Upgrades file upload functionality so all users (including Admins) are whitelisted
- Retires two Tag data importers from old plug-ins
This interim release shows the WordPress Development Team’s commitment to protecting users with the maximum level of security they can provide. Impressive!
All WordPress users should harden their installation immediately by upgrading to this new version now. Upgrading your website is a great excuse to upgrade your hosting environment as well.
Ask yourself:
(more…)
Tags: Secure Web Hosting, Wordpress Hosting, WordPress Security
Posted in: Security | No Comments »
by FireHost Evangelist on October 6th, 2009
Of the 285 million successful data breaches investigated by Verizon Business last year, 99% of the data was stolen from servers and applications, not desktops, mobile devices, or portable media. Additionally, over 90% of the 285 million successful data breaches involved organizations that provide financial services.
Experts attribute the proliferation of cybercrime in the Financial Services sector to the recent and lucrative trend toward personal identification number (PIN) fraud.
Hackers who successfully associate a stolen PIN with the appropriate credit card or debit account information can steal cash directly from the consumer’s account. This type of attack, where money is taken “legitimately” from checking, savings, and/or brokerage accounts is more difficult to trace and almost impossible for consumers to defend.
Cyber criminals have been quick to react to the vulnerability, re-engineering processing and developing new memory-scraping malware making it easy to obtain and store PIN details.
While Financial Services Organizations accounted for most of the data compromises, they were not the most targeted sector:
- Retail Industry #1 at approximately 33% of all attacks
- Financial Services #2 at approximately 30% of all attacks (highest growth, +16% from previous years)
- Food and Beverage Services #3 at approximately 14%
These statistics (30% of attacks, 90% of successful breaches) indicate that security measures presently in place with financial institutions are severely underdeveloped.
(more…)
Tags: cyber criminals, PCI Compliance, pin fraud, Secure Web Hosting
Posted in: Security | No Comments »
by FireHost Evangelist on September 29th, 2009
If you weren’t able to attend DrupalCon Paris at the beginning of the month, well… frankly, you’re not alone. Many of our Western counterparts didn’t make the trek to gay Paris. We didn’t go either, but we’ve decided to direct our effort away from being bitter about missing the show to bringing you some of the great updates from Drupal.
One of our favorite excepts is by Heine Deelstra. Mr. Deelstra is a member of the Drupal Security Team, and he has been a Drupal user for over 4 years. His presentation at DrupalCon focuses on securing Drupal code.
In an exceptionally thorough explanation of some of the biggest threats to Drupal users, Mr. Deelstra reveals the most prevalent and annoying hacker exploits. His presentation explores the cause for attacks like Access Bypass, SQL Injections, CSRF (Cross Site Request Forgery), and XSS (Cross site Scripting). In summary:
(more…)
Tags: drupal conference, drupalcon, secure drupal, Secure Web Hosting
Posted in: Security | No Comments »
by FireHost Evangelist on September 25th, 2009
The Curious George childrens’ television show, which is run by the Public Broadcasting Service (PBS), was propagating malware from at least Monday until Thursday last week.
Nidhi Shah, a research scientist at Purewire told SCMagazineUS.com, “It’s not clear how how hackers were able to break into the site, but it is possible that they obtained the credentials to an FTP account or exploited an SQL injection vulnerability.”
The exploit manifested as a pop up for visitors to authenticate their session with a username and password before viewing the site contents. When users canceled the message screen or entered the wrong credentials, an error page informed them that they had failed to login properly. That error page contained JavaScript code which loaded malware from an exploit site targeting a number of known software vulnerabilities in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy and Apple QuickTime. Any user not patched against these bugs received the malware.
(more…)
Tags: ftp vulnerability, Secure Web Hosting, Security Threats, SQL Injections
Posted in: Security | No Comments »
